How to Solve Telnet Connection Refused?

The telnet command is usually used to log in remotely. The telnet program is a remote login client program based on the TELNET protocol. The Telnet protocol is a member of the TCP/IP protocol suite, and is the standard protocol and main method of the Internet remote login service. It provides users with the ability to complete remote host work on the local computer.
Simple Application Server
USD1.00 New User Coupon
* Only 3,000 coupons available.
* Each new user can only get one coupon(except users from distributors).
* The coupon is valid for 30 days from the date of receipt.

telnet [-8acdEfFKLrx][-b<host alias>][-e<exit character>][-k<domain name>][-l<user name>][-n<record file>][-S<service type >][-X<Authentication Type>][Host Name or IP Address <Communication Port>]

parameter

-8 Allows the use of 8-bit character data, including input and output
-a Attempt to automatically log in to the remote system
-b<host alias> Use alias to specify remote host name
-c Do not read the .telnetrc file in the user-specific directory
-d start the debug mode
-e<Escape character> Set escape character
-E filter out the characters
-F When using Kerberos V5 authentication, add this parameter to upload the authentication data of the local host to the remote host
-f This parameter has the same effect as the "-F" parameter
-k<domain name> When using Kerberos authentication, add this parameter to let the remote host use the specified realm name instead of the host's domain name
-K does not automatically log in to the remote host
-l<user name> Specify the user name to log in to the remote host
-L allows output of 8-bit character data
-n<record file> Specify file record related information
-r Use a user interface similar to the rlogin command
-S<Service Type> Set IP TOS information required for telnet connection
-x Assuming that the host has the function of supporting data encryption, use it
-X<Authentication form> Close the specified authentication form

Usage example

Example 1: The remote server cannot be accessed

[root@linuxprobe ~]# telnet 192.168.120.209
Trying 192.168.120.209...
telnet: connect to address 192.168.120.209: No route to host
telnet: Unable to connect to remote host: No route to host
Ways to deal with this situation:
(1) Confirm whether the IP address is correct
(2) Confirm whether the installation corresponding to the IP address has been turned on
(3) If the host has been started, confirm whether the routing settings are set correctly (use the route command to check)
(4) If the host has been started, confirm whether the telnet service is enabled on the host (use the netstat command to check whether the TCP port 23 has a LISTEN status line)
(5) If the host has started the telnet service, confirm whether the firewall has opened port 23 access (use iptables-save to check)

Example 2: The domain name cannot be resolved

[root@linuxprobe ~]# telnet www.baidu.com
www.baidu.com/telnet: Temporary failure in name resolution
Ways to deal with this situation:
(1) Confirm whether the domain name is correct
(2) Confirm whether the settings related to the domain name resolution of the machine are correct (whether the nameserver configuration in /etc/resolv.conf is correct, if not, you can use nameserver 8.8.8.8)
(3) Confirm whether the firewall has allowed UDP53 port access (DNS uses UDP protocol, port 53, use iptables-save to view)

Example 3: Access denied

[root@linuxprobe ~]# telnet 192.168.120.206
Trying 192.168.120.206...
telnet: connect to address 192.168.120.206: Connection refused
telnet: Unable to connect to remote host: Connection refused
Ways to deal with this situation:
(1) Confirm whether the IP address or host name is correct
(2) Confirm whether the port is correct, whether the default port is 23

To check whether a port of 192.168.120.206 can be accessed, such as port 443, you can use the following command

[root@linuxprobe ~]# telnet 192.168.120.206 443
Trying 192.168.120.206...
telnet: connect to address 192.168.120.206: Connection refused
Note: This means that port 443 of 192.168.120.206 cannot be accessed

Example 4: Login of telnet root user

[root@linuxprobe ~]# telnet 192.168.120.204
Trying 192.168.120.204...
Connected to 192.168.120.204 (192.168.120.204).
Escape character is'^]'.

    localhost (Linux release 2.6.18-274.18.1.el5 #1 SMP Thu Feb 9 12:45:44 EST 2012) (1)

login: root
Password:
Login incorrect
Note: Under normal circumstances, root is not allowed to log in remotely. You can log in with a normal account first, and then su-switch to the root user. To allow root users to log in, the following methods can be used:

[root@linuxprobe ~]# vi /etc/pam.d/login
#auth required pam_securetty.so #Comment this line!
or
[root@linuxprobe ~]# mv /etc/securetty /etc/securetty.bak
Example 5: Enable telnet service

[root@linuxprobe ~]# cd /etc/xinetd.d/
[root@linuxprobe xinetd.d]# ll
Total 124
-rw-r--r-- 1 root root 1157 2011-05-31 chargen-dgram
-rw-r--r-- 1 root root 1159 2011-05-31 chargen-stream
-rw-r--r-- 1 root root 523 2009-09-04 cvs
-rw-r--r-- 1 root root 1157 2011-05-31 daytime-dgram
-rw-r--r-- 1 root root 1159 2011-05-31 daytime-stream
-rw-r--r-- 1 root root 1157 2011-05-31 discard-dgram
-rw-r--r-- 1 root root 1159 2011-05-31 discard-stream
-rw-r--r-- 1 root root 1148 2011-05-31 echo-dgram
-rw-r--r-- 1 root root 1150 2011-05-31 echo-stream
-rw-r--r-- 1 root root 323 2004-09-09 eklogin
-rw-r--r-- 1 root root 347 2005-09-06 ekrb5-telnet
-rw-r--r-- 1 root root 326 2004-09-09 gssftp
-rw-r--r-- 1 root root 310 2004-09-09 klogin
-rw-r--r-- 1 root root 323 2004-09-09 krb5-telnet
-rw-r--r-- 1 root root 308 2004-09-09 kshell
-rw-r--r-- 1 root root 317 2004-09-09 rsync
-rw-r--r-- 1 root root 1212 2011-05-31 tcpmux-server
-rw-r--r-- 1 root root 1149 2011-05-31 time-dgram
-rw-r--r-- 1 root root 1150 2011-05-31 time-stream
[root@linuxprobe xinetd.d]# cat krb5-telnet
# default: off
# description: The kerberized telnet server accepts normal telnet sessions, \
# but can also use Kerberos 5 authentication.
service telnet
{
        flags = REUSE
        socket_type = stream
        wait = no
        user = root
        server = /usr/kerberos/sbin/telnetd
        log_on_failure += USERID
        disable = yes
}
The configuration parameters are usually as follows:
service telnet
{
disable = no #enable
flags = REUSE #socket can be reused
socket_type = stream #The connection method is TCP
wait = no #Start a process for each request
user = root #The user who starts the service is root
server = /usr/sbin/in.telnetd #The process to be activated
log_on_failure += USERID #Log in user name when login fails
}
If you want to configure the list of clients allowed to log in, add
only_from = 192.168.0.2 #Only allow 192.168.0.2 login
If you want to configure a list of clients that are forbidden to log in, add
no_access = 192.168.0.{2,3,4} #Forbid 192.168.0.2, 192.168.0.3, 192.168.0.4 to log in
If you want to set the opening hours, join
access_times = 9:00-12:00 13:00-17:00 # Only these two hours are open every day (our working hours: P)
If you have two IP addresses, one is the IP address of the private network, such as 192.168.0.2, and the other is the IP address of the public network, such as 218.75.74.83. If you want users to log in to the telnet service only from the private network, then join
bind = 192.168.0.2
For the specific meaning and syntax of each configuration item, please refer to xined configuration file attribute description (man xinetd.conf)

Configure the port and modify the services file:

# vi /etc/services
Find the following two sentences
telnet 23/tcp
telnet 23/udp
If there is a # character before it, remove it. The default port of telnet is 23. This port is also the main target of hacker port scanning. Therefore, it is best to modify this port. The modification method is very simple, which is to modify the number 23 and change it to a larger number, such as 61123. Note that port numbers below 1024 are reserved by the internet, so it is best not to use them, and care should be taken not to conflict with other service ports.
Start the service: service xinetd restart